
PC disinfection, computer speed-up, remote assistance through the neslape.cz service
Eset is blocking some kind of addresses
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Eset is blocking some kind of addresses
Something keeps forcing its way onto my PC, see attachments.
Please advise how I get rid of it.
Re: Eset is blocking some kind of addresses
Here is the log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ferda at 12:54:35,46 on ne 27.06.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1268 [GMT 2:00]
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Fjoqub.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\DOCUME~1\Ferda\LOCALS~1\Temp\Fpv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ferda\Plocha\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\windows\WebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\windows\WebIE.dll
TB: &Crawler lišta: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [OEXPRESS] c:\windows\OETRN.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [QNB2EB90WX] c:\docume~1\ferda\locals~1\temp\Fpv.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ferda\dataap~1\mozilla\firefox\profiles\sdqgzisw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\progra~1\crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\crawler\firefox\components\xsupport.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-17 14336]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2001-5-21 8051]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2009-6-4 223128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200X;c:\windows\system32\drivers\Gt680x.sys [2010-1-12 17376]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;c:\windows\system32\drivers\RFTBtn.sys [2001-5-21 10339]
=============== Created Last 30 ================
2010-06-26 20:35:10 162816 ----a-w- c:\windows\Fjoqub.exe
2010-06-26 18:53:06 162816 ----a-w- c:\windows\Fjoqua.exe
2010-06-26 18:52:58 205824 ----a-w- c:\windows\system32\sshnas21.dll
2010-06-22 07:08:17 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-20 17:51:46 0 d---a-w- C:\moje
2010-06-19 18:36:51 0 d-----w- C:\DriveKey
2010-06-19 15:06:23 0 d-----w- c:\docume~1\alluse~1\dataap~1\Nero
2010-06-11 18:45:25 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-11 14:10:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 13:41:30 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-02 13:41:30 21504 ----a-w- c:\windows\system32\hidserv.dll
==================== Find3M ====================
2010-06-27 05:24:37 85828 ----a-w- c:\windows\system32\perfc005.dat
2010-06-27 05:24:37 443776 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 07:08:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-06 10:35:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09:42 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 15:43:32 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-24 15:43:32 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-20 05:32:05 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 13:56:03 528 ----a-r- C:\MediaID.bin
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 23:06:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-29 23:02:56 295264 ----a-w- c:\windows\system32\PresentationHost.exe
============= FINISH: 12:55:20,93 ===============
For completeness, I should add that I ran the PC through the ESET online scanner with this result:
26.6.2010 20:52:25 HTTP filter file http://vreefinolass.org/keygen/Serial.N ... .13100.exe a variant of Win32/Kryptik.EZO trojan connection terminated - quarantined FERDA-B32F1CCE4\Ferda The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
26.6.2010 20:52:25 HTTP filter file http://vreefinolass.org/keygen/Serial.N ... .13100.exe a variant of Win32/Kryptik.EZO trojan connection terminated - quarantined FERDA-B32F1CCE4\Ferda The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
26.6.2010 20:52:24 HTTP filter file http://vreefinolass.org/keygen/Serial.N ... .13100.exe a variant of Win32/Kryptik.EZO trojan connection terminated - quarantined FERDA-B32F1CCE4\Ferda The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
26.6.2010 20:18:37 HTTP filter file http://crackstorage.net/get_uploaded_file.php probably a variant of Win32/PSW.Agent trojan connection terminated - quarantined FERDA-B32F1CCE4\Ferda The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
26.6.2010 14:05:36 Real-time protection file E:\Programy\Fraps.v2.7.4.Full.Reg počet snímků.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
20.6.2010 16:58:00 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
19.6.2010 20:19:18 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
19.6.2010 18:03:28 HTTP filter file http://www.instaluj-download.cz/audio-v ... _trial.exe Win32/Toolbar.AskSBar application connection terminated - quarantined FERDA-B32F1CCE4\Ferda The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
19.6.2010 17:30:34 Real-time protection file C:\DOCUME~1\Ferda\LOCALS~1\Temp\NERO1005256\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on a new file created by the application: C:\Documents and Settings\Ferda\Plocha\Nero 9\Nero-9.4.13.2d_trial.exe.
19.6.2010 17:02:37 HTTP filter file http://www.instaluj-download.cz/audio-v ... _trial.exe Win32/Toolbar.AskSBar application connection terminated - quarantined The infiltration was detected while accessing the web by the application: C:\Program Files\Opera\opera.exe.
19.6.2010 16:48:16 Real-time protection file C:\DOCUME~1\Ferda\LOCALS~1\Temp\NERO1005256\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on a new file created by the application: C:\Documents and Settings\Ferda\Plocha\Nero-9.4.13.2d_trial.exe.
19.6.2010 9:14:38 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
19.6.2010 8:30:44 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
19.6.2010 7:14:00 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
12.6.2010 21:17:07 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
12.6.2010 20:58:31 Real-time protection file I:\Autorun.inf Win32/Tifaut.C worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM The event was detected on an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
24.4.2010 6:49:41 POP3 filter email message from: "Support Celia Witt" <label@dhl.com> addressed to: <mynar.czechgame@volny.cz> with subject *SPAM* DHL Delivery Problem NR.85162 dated Fri, 23 Apr 2010 10:35:46 +0100 a variant of Win32/Sapik trojan contained infected files FERDA-B32F1CCE4\Ferda The infiltration was detected while receiving email by the application: C:\Program Files\Outlook Express\msimn.exe.
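A small triage pass over a DDS log, as an added example that is not part of the poster's message or of any ESET or DDS tooling: it parses the Run keys, the services list and the "Created Last 30" section and flags what a helper reading this thread would look at first. The sample lines are copied from the DDS output above; the heuristics (an autorun started from a Temp directory, a random-looking autorun key name, a binary newly created directly in c:\windows or c:\windows\system32, and a svchost-hosted service whose name is the stem of a newly created DLL) are the editor's own assumptions, and a hit means "review this", not a verdict.

```python
"""Triage a DDS-style log: flag autorun entries, freshly created system
binaries and svchost-hosted services that deserve a reviewer's first look.
Heuristics only; a hit means "check this", not "this is malware"."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in the post above,
# trimmed to the three sections the heuristics read.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [QNB2EB90WX] c:\docume~1\ferda\locals~1\temp\Fpv.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
============= SERVICES / DRIVERS ===============
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-17 14336]
=============== Created Last 30 ================
2010-06-26 20:35:10 162816 ----a-w- c:\windows\Fjoqub.exe
2010-06-26 18:52:58 205824 ----a-w- c:\windows\system32\sshnas21.dll
2010-06-22 07:08:17 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-02 13:41:30 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
"""

RUN_RE = re.compile(r"^([umd]Run): \[([^\]]+)\] (.+)$")
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# First thing in a Run value that ends in an executable-ish extension.
PATH_RE = re.compile(r'((?:[a-z]:\\|%[^%]+%\\)?[^"]*?\.(?:exe|dll|cpl|pif|scr|com|bat))', re.I)
# Assumption: the system root is c:\windows, as the log header shows.
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}
# All-caps letters and digits mixed, no words: the shape of a generated key name.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "autorun", "new_binary" or "service"
    subject: str   # registry key name, file path or service name
    reason: str


def binary_path(value: str) -> str:
    """Pull the executable/DLL path out of a Run value, dropping arguments."""
    m = PATH_RE.search(value.lstrip('"'))
    return m.group(1) if m else value.split()[0]


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    svchost_services: list[str] = []
    created: list[str] = []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            _, key, value = m.groups()
            path = binary_path(value)
            if "\\temp\\" in path.lower():
                findings.append(Finding("autorun", key, f"starts {path} from a Temp directory"))
            if RANDOM_NAME_RE.match(key):
                findings.append(Finding("autorun", key, "random-looking autorun key name"))
        elif m := SVC_RE.match(line):
            _, name, _, image = m.groups()
            if "svchost.exe" in image.lower():
                svchost_services.append(name)
        elif m := CREATED_RE.match(line):
            _, _, attrs, path = m.groups()
            if attrs.startswith("d"):      # directory entry, not a file
                continue
            created.append(path)
            directory, _, filename = path.lower().rpartition("\\")
            if directory in WATCHED_DIRS and filename.endswith((".exe", ".dll", ".sys")):
                findings.append(Finding("new_binary", path, f"new binary in {directory}"))
    # Correlate: a service hosted in svchost says nothing by itself, but one whose
    # name is the stem of a DLL created in the last 30 days is worth checking
    # against its Parameters\ServiceDll registry value.
    for name in svchost_services:
        for path in created:
            stem = path.lower().rpartition("\\")[2]
            if stem.startswith(name.lower()) and stem.endswith(".dll"):
                findings.append(Finding("service", name, f"svchost-hosted service matches new DLL {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run the file directly to print the findings for the sample; for a real log, pass the full DDS text to triage(). The correlation step is the useful one on this thread: SSHNAS being hosted by svchost.exe tells you nothing on its own, but its name matching sshnas21.dll, created in system32 seconds before Fjoqua.exe on the same evening, is what ties the two lines together, and the next manual step is reading that service's Parameters\ServiceDll value in the registry.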
12.6.2010 21:17:07 Rezidentná ochrana súbor I:\Autorun.inf Win32/Tifaut.C červ vyliečený zmazaním - uložený do karantény NT AUTHORITY\SYSTEM Táto skutočnosť bola zistená pri pokuse o prístup k súboru aplikáciou: C:\WINDOWS\System32\svchost.exe.
12.6.2010 20:58:31 Rezidentná ochrana súbor I:\Autorun.inf Win32/Tifaut.C červ vyliečený zmazaním - uložený do karantény NT AUTHORITY\SYSTEM Táto skutočnosť bola zistená pri pokuse o prístup k súboru aplikáciou: C:\WINDOWS\System32\svchost.exe.
24.4.2010 6:49:41 POP3 filter emailová správa od: "Support Celia Witt" <label@dhl.com> adresovaná: <mynar.czechgame@volny.cz> s predmetom *SPAM* DHL Delivery Problem NR.85162 s dátumom Fri, 23 Apr 2010 10:35:46 +0100 variant infiltrácie Win32/Sapik trójsky kôň obsahoval infikované súbory FERDA-B32F1CCE4\Ferda Infiltrácia bola zachytená pri preberaní elektronickej pošty aplikáciou: C:\Program Files\Outlook Express\msimn.exe.
Re: ESET is blocking some addresses
The ESET detections happened before the DDS run; the ESET online scanner deletes the malware on its own, and a second pass with the online scanner no longer found anything. The window with the message about blocked pages still keeps popping up.
Test from VirusTotal
Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.30 2010.06.27 -
AhnLab-V3 2010.06.27.00 2010.06.26 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.26 -
Avast 4.8.1351.0 2010.06.27 Win32:MalOb-BL
Avast5 5.0.332.0 2010.06.27 Win32:MalOb-BL
AVG 9.0.0.836 2010.06.27 FakeAV.CCQ
BitDefender 7.2 2010.06.27 -
CAT-QuickHeal 10.00 2010.06.26 -
ClamAV 0.96.0.3-git 2010.06.26 -
Comodo 5232 2010.06.27 -
DrWeb 5.0.2.03300 2010.06.27 -
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7668 2010.06.25 Win32/Renos.D!generic
F-Prot 4.6.1.107 2010.06.26 -
F-Secure 9.0.15370.0 2010.06.26 Suspicious:W32/Malware!Gemini
Fortinet 4.1.133.0 2010.06.26 -
GData 21 2010.06.27 Win32:MalOb-BL
Ikarus T3.1.1.84.0 2010.06.27 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.27 -
McAfee 5.400.0.1158 2010.06.27 Downloader-CEW.b
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.27 -
NOD32 5231 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.26 -
PCTools 7.0.3.5 2010.06.27 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.27 Mal/FakeAV-CX
Sunbelt 6513 2010.06.27 VirTool.Win32.Obfuscator.hg!b (v)
Symantec 20101.1.0.89 2010.06.27 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.26 -
Rozšiřující informace
File size: 162816 bytes
MD5...: 24df55680e2a3a37bc208bf278c03e76
SHA1..: 6e62da7097b1607b51996649425b8e5818e2b2b6
SHA256: 5c42425af740fe8f6ab29266b5fd370ff7dcd57f3068a6a2a2ca87790add34bf
ssdeep: 3072:FGXuq+tcCrVDq8azwbYSMMXF09dVPP6LkKtH+NuvJQTZ0:FMgigazIYS8xPC9teNwJ+0
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x44b0
timedatestamp.....: 0x4b2ac6f6 (Fri Dec 18 00:04:06 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x7097 0x7200 3.53 864c58e55fedc656092e8c339416864e
.data 0x9000 0x274 0x400 2.73 d28b173591273c1a0126ec27bba3864f
.tls 0xa000 0x1f879 0x1fa00 7.57 27541d0f3a03ea0675583af4440d735c
.idata 0x2a000 0x1d36b 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
DATA 0x48000 0x3ff 0x400 0.87 0df194e8a95a0f1157a508d583592796
( 12 imports )
> ole32.dll: CLSIDFromProgID, GetHGlobalFromStream, CoRevokeClassObject, CoTaskMemFree, OleRegGetUserType, CoGetContextToken, CoCreateFreeThreadedMarshaler
> version.dll: VerQueryValueA
> oleaut32.dll: RegisterTypeLib
> COMCTL32.DLL: ImageList_Add, ImageList_Write, ImageList_DragShowNolock
> advapi32.dll: RegQueryValueExA, RegQueryValueA, RegEnumKeyA, RegCreateKeyA
> KERNEL32.DLL: CreateFileA, CloseHandle, GetStringTypeA, SetEndOfFile, GetProcAddress, VirtualQuery, LoadResource, lstrcmpiA, ExitThread, GetModuleHandleA, LoadLibraryA, ReadFile, EnterCriticalSection, VirtualAlloc
> USER32.DLL: EnumThreadWindows, IsChild, GetWindowThreadProcessId, GetKeyboardType, GetFocus, GetTopWindow, SetMenu, CreateWindowExA, AdjustWindowRectEx, EnableScrollBar, IsDialogMessageA, IsWindowEnabled, GetDlgItem, GetWindowRect, GetDCEx, MessageBoxA, SetWindowPlacement, CharToOemA, SetScrollPos, SetClassLongA, SetMenuItemInfoA, KillTimer, DrawAnimatedRects, SetFocus, ActivateKeyboardLayout, GetMessagePos, GetKeyboardLayout, CallNextHookEx, GetMenuItemInfoA, EndPaint, DrawMenuBar, MsgWaitForMultipleObjects, GetMenuStringA, GetKeyboardLayoutList, SetParent, UpdateWindow, SetWindowLongA, EnumWindows, DestroyMenu, GetScrollPos, SendMessageA, FrameRect, GetActiveWindow, PtInRect, ScrollWindow, CloseClipboard, TrackPopupMenu, OemToCharA, InvalidateRect, RemoveMenu, InsertMenuA, SetClipboardData, RegisterWindowMessageA, GetKeyNameTextA, ScreenToClient, GetCapture, GetClassNameA, OffsetRect, ReleaseCapture, WaitMessage, RemovePropA, EnableWindow, LoadBitmapA, ShowOwnedPopups, IsDialogMessageW, SetWindowPos, SetScrollRange, GetClientRect, IsWindowVisible, DispatchMessageA, DrawTextA, EnableMenuItem, CharLowerBuffA, DestroyWindow, CharUpperBuffA, SendMessageW, LoadStringA, DefFrameProcA, IntersectRect, GetDesktopWindow, GetMenuItemID, GetScrollInfo, SetWindowTextA, DefMDIChildProcA, MapVirtualKeyA, SystemParametersInfoA, IsIconic, UnhookWindowsHookEx, UnregisterClassA, CreateIcon, InflateRect, ShowScrollBar, CreatePopupMenu, PostQuitMessage, EmptyClipboard, GetSubMenu, GetClassInfoA, SetForegroundWindow, BeginPaint, PeekMessageW, CallWindowProcA, CheckMenuItem, RedrawWindow, IsRectEmpty, ClientToScreen, GetSysColorBrush, TranslateMDISysAccel, PeekMessageA, SetWindowsHookExA, CreateMenu, IsWindow, DestroyCursor, GetClassLongA, SetCursor, SetActiveWindow, MessageBeep, OpenClipboard
> SHLWAPI.DLL: SHQueryInfoKeyA, SHGetValueA
> SHELL32.DLL: DragQueryFileA, SHGetFileInfoA
> COMDLG32.DLL: GetSaveFileNameA, ChooseColorA, FindTextA, GetFileTitleA, GetOpenFileNameA
> MSVCRT.DLL: malloc, strncmp, log, memcpy
> GDI32.DLL: GetCurrentPositionEx, SaveDC, BitBlt, CopyEnhMetaFileA, LineTo, CreateCompatibleDC, SetTextColor
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Re: ESET is blocking some addresses
I have to step away for a while now; I'll be back in about three hours. Thanks for trying to help so far.
Re: ESET is blocking some addresses
ComboFix log:
ComboFix 10-06-26.03 - Ferda 27.06.2010 18:23:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1630 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ferda\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Fjoqua.exe
c:\windows\Fjoqub.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
----- BITS: Možné infikované stránky -----
hxxp://install10.nero.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-27 do 2010-06-27 )))))))))))))))))))))))))))))))
.
2010-06-22 07:08 . 2010-06-22 07:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-20 17:51 . 2010-06-20 18:34 -------- d---a-w- C:\moje
2010-06-20 00:05 . 2010-06-20 00:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-19 18:36 . 2010-06-19 18:36 -------- d-----w- C:\DriveKey
2010-06-19 15:24 . 2010-06-26 17:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 15:06 . 2010-06-19 19:44 -------- d-----w- c:\program files\Common Files\Nero
2010-06-13 08:51 . 2010-06-13 08:51 -------- d-----w- c:\program files\Common Files\Skype
2010-06-11 18:45 . 2010-06-11 18:45 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-06-11 14:10 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 13:41 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-02 13:41 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 11:44 . 2001-10-25 14:00 85828 ----a-w- c:\windows\system32\perfc005.dat
2010-06-27 11:44 . 2001-10-25 14:00 443776 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 07:08 . 2009-06-04 15:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-19 19:55 . 2009-06-16 16:20 -------- d-----w- c:\program files\Nero
2010-06-19 18:34 . 2009-06-04 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-19 15:18 . 2009-06-16 16:20 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-17 13:57 . 2010-05-10 12:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 12:02 . 2010-05-15 12:02 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-06 10:35 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-17 13:44 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 18:58 . 2009-11-15 16:45 -------- d-----w- c:\program files\Electronic Arts
2010-05-01 18:32 . 2010-05-01 18:32 -------- d-----w- c:\program files\Microsoft WSE
2010-05-01 13:30 . 2009-07-30 16:11 -------- d-----w- c:\program files\Java
2010-04-24 15:43 . 2010-04-24 15:43 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-24 15:43 . 2010-04-24 15:43 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-20 05:32 . 2004-08-17 13:48 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 13:56 . 2010-04-17 13:56 528 ----a-r- C:\MediaID.bin
2010-04-12 15:29 . 2010-05-01 13:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 23:06 . 2010-03-29 23:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-29 23:02 . 2010-03-29 23:02 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-14 26624]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LaunchList"=c:\program files\Pinnacle\Studio 11\LaunchList2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2001 15:01 8051]
S3 GT680xNT;ColorPage-Vivid 1200X;c:\windows\system32\drivers\Gt680x.sys [12.1.2010 12:20 17376]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;c:\windows\system32\drivers\RFTBtn.sys [21.5.2001 12:28 10339]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4.6.2009 17:15 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.6.2009 17:13 691696]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Ferda\Data aplikací\Mozilla\Firefox\Profiles\sdqgzisw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-FlashTool_is1 - i:\flashtool\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 18:32
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-492894223-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,9d,6a,df,a7,22,3d,aa,3f,9d,ea,5b,4c,61,b5,f7,43,21,cb,98,b5,
96,60,7e,57,c4,d3,10,a4,72,36,ff,0f,e3,c9,84,13,45,88,08,02,a5,cb,a5,eb,2a,\
"rkeysecu"=hex:a1,6f,a2,e6,75,e6,a7,d3,f2,dd,b9,02,7c,3a,ec,bf
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="[hex value not preserved in the pasted log]"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1248)
c:\windows\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Celkový čas: 2010-06-27 18:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-27 16:33
Před spuštěním: Volných bajtů: 27 867 312 128
Po spuštění: Volných bajtů: 35 674 394 624
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C3940240210C4BB003F056E943D939A2
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2001 15:01 8051]
S3 GT680xNT;ColorPage-Vivid 1200X;c:\windows\system32\drivers\Gt680x.sys [12.1.2010 12:20 17376]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;c:\windows\system32\drivers\RFTBtn.sys [21.5.2001 12:28 10339]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4.6.2009 17:15 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.6.2009 17:13 691696]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Ferda\Data aplikací\Mozilla\Firefox\Profiles\sdqgzisw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\progra~1\Crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\Crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\Crawler\firefox\components\xsupport.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-FlashTool_is1 - i:\flashtool\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 18:32
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-492894223-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,9d,6a,df,a7,22,3d,aa,3f,9d,ea,5b,4c,61,b5,f7,43,21,cb,98,b5,
96,60,7e,57,c4,d3,10,a4,72,36,ff,0f,e3,c9,84,13,45,88,08,02,a5,cb,a5,eb,2a,\
"rkeysecu"=hex:a1,6f,a2,e6,75,e6,a7,d3,f2,dd,b9,02,7c,3a,ec,bf
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="..."
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1248)
c:\windows\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Celkový čas: 2010-06-27 18:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-27 16:33
Před spuštěním: Volných bajtů: 27 867 312 128
Po spuštění: Volných bajtů: 35 674 394 624
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C3940240210C4BB003F056E943D939A2
Re: Eset is blocking some addresses
result from Virus Total:
Antivirus Version Last update Result
a-squared 5.0.0.30 2010.06.27 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.27 -
Avast5 5.0.332.0 2010.06.27 -
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.27 -
CAT-QuickHeal 10.00 2010.06.26 -
ClamAV 0.96.0.3-git 2010.06.27 -
Comodo 5235 2010.06.27 -
DrWeb 5.0.2.03300 2010.06.27 -
eSafe 7.0.17.0 2010.06.27 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.27 -
F-Secure 9.0.15370.0 2010.06.27 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.27 -
Ikarus T3.1.1.84.0 2010.06.27 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.27 -
McAfee 5.400.0.1158 2010.06.27 -
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.27 -
NOD32 5232 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.27 -
PCTools 7.0.3.5 2010.06.27 -
Prevx 3.0 2010.06.27 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.27 -
Sunbelt 6514 2010.06.27 -
Symantec 20101.1.0.89 2010.06.27 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.27 -
Re: Eset is blocking some addresses
Antivirus Version Last update Result
a-squared 5.0.0.30 2010.06.27 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.27 -
Avast5 5.0.332.0 2010.06.27 -
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.27 -
CAT-QuickHeal 10.00 2010.06.26 -
ClamAV 0.96.0.3-git 2010.06.27 -
Comodo 5235 2010.06.27 -
DrWeb 5.0.2.03300 2010.06.27 -
eSafe 7.0.17.0 2010.06.27 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.27 -
F-Secure 9.0.15370.0 2010.06.27 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.27 -
Ikarus T3.1.1.84.0 2010.06.27 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.27 -
McAfee 5.400.0.1158 2010.06.27 -
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.27 -
NOD32 5232 2010.06.27 -
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.27 -
PCTools 7.0.3.5 2010.06.27 -
Prevx 3.0 2010.06.27 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.27 -
Sunbelt 6514 2010.06.27 -
Symantec 20101.1.0.89 2010.06.27 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -
VBA32 3.12.12.5 2010.06.25 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.27 -
Additional information
File size: 45056 bytes
MD5...: 2dacc14514d0111cdc5cf9d0a7736800
SHA1..: 12989bb674a524a5f027c8985d2d2600e82cb25c
SHA256: 03e868676dd6c2c38dab0b938f07b0bd4010fad3c54eb514c9a4926df7e5324d
ssdeep: 768:s9Vg1v9ekzdt4RpJvGnKLeJPZbQGEUK+jf02YDjzGG:wg1v9vzb4RpJvGnKLCPZbQGE0oDjzL
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x168e
timedatestamp.....: 0x44f01265 (Sat Aug 26 09:20:37 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5264 0x6000 6.05 4255c6a5a1c77ca86fbce9dfcaf2e150
.rdata 0x7000 0x189b 0x2000 4.15 e6e1195b23ffe8e6b7d516d4d14d396c
.data 0x9000 0x127c 0x1000 1.56 7faa99ea57a51963e1a5d84b41afe85b
.reloc 0xb000 0xd54 0x1000 3.71 383ef54dc48037efef57c6a72c98ab66
( 2 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, GetVersionExA, CloseHandle, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FreeLibrary, GetModuleFileNameA, GetSystemInfo, VirtualProtect, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetCommandLineA, ExitProcess, GetModuleHandleA, TerminateProcess, GetCurrentProcess, TlsAlloc, SetLastError, GetLastError, TlsFree, TlsSetValue, TlsGetValue, HeapFree, HeapAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, LeaveCriticalSection, EnterCriticalSection, GetACP, GetOEMCP, GetCPInfo, VirtualAlloc, HeapReAlloc, InitializeCriticalSection, RtlUnwind, InterlockedExchange, VirtualQuery, HeapSize, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, QueryPerformanceCounter, GetTickCount
> USER32.dll: CharUpperA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, GetClassNameA, GetParent, IsWindow
( 3 exports )
InstallOE, StartOE, hook
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
For completeness I also have to mention that the installation of the Windows updates KB 976576, KB 982168, KB979909 keeps being pushed on me - I have already downloaded them several times and let their installation run before shutting down the PC, yet after a while the message about installing them shows up again.
The Eset message no longer appears.
Re: Eset is blocking some addresses
Scan from DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ferda at 20:14:14,53 on ne 27.06.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1410 [GMT 2:00]
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ferda\Plocha\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\windows\WebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\windows\WebIE.dll
TB: &Crawler lišta: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [OEXPRESS] c:\windows\OETRN.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ferda\dataap~1\mozilla\firefox\profiles\sdqgzisw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\progra~1\crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\crawler\firefox\components\xsupport.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2001-5-21 8051]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2009-6-4 223128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200X;c:\windows\system32\drivers\Gt680x.sys [2010-1-12 17376]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;c:\windows\system32\drivers\RFTBtn.sys [2001-5-21 10339]
=============== Created Last 30 ================
2010-06-27 16:22:22 0 d-sha-r- C:\cmdcons
2010-06-27 16:16:07 77312 ----a-w- c:\windows\MBR.exe
2010-06-27 16:16:07 256512 ----a-w- c:\windows\PEV.exe
2010-06-27 16:16:07 161792 ----a-w- c:\windows\SWREG.exe
2010-06-27 16:16:06 98816 ----a-w- c:\windows\sed.exe
2010-06-22 07:08:17 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-20 17:51:46 0 d---a-w- C:\moje
2010-06-19 18:36:51 0 d-----w- C:\DriveKey
2010-06-19 15:06:23 0 d-----w- c:\docume~1\alluse~1\dataap~1\Nero
2010-06-11 18:45:25 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-11 14:10:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 13:41:30 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-02 13:41:30 21504 ----a-w- c:\windows\system32\hidserv.dll
==================== Find3M ====================
2010-06-27 17:44:33 85828 ----a-w- c:\windows\system32\perfc005.dat
2010-06-27 17:44:33 443776 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 07:08:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-06 10:35:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09:42 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 15:43:32 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-24 15:43:32 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-20 05:32:05 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 13:56:03 528 ----a-r- C:\MediaID.bin
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 23:06:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-29 23:02:56 295264 ----a-w- c:\windows\system32\PresentationHost.exe
============= FINISH: 20:14:49,32 ===============
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ferda\dataap~1\mozilla\firefox\profiles\sdqgzisw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\progra~1\crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\crawler\firefox\components\xsupport.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2001-5-21 8051]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2009-6-4 223128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200X;c:\windows\system32\drivers\Gt680x.sys [2010-1-12 17376]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;c:\windows\system32\drivers\RFTBtn.sys [2001-5-21 10339]
=============== Created Last 30 ================
2010-06-27 16:22:22 0 d-sha-r- C:\cmdcons
2010-06-27 16:16:07 77312 ----a-w- c:\windows\MBR.exe
2010-06-27 16:16:07 256512 ----a-w- c:\windows\PEV.exe
2010-06-27 16:16:07 161792 ----a-w- c:\windows\SWREG.exe
2010-06-27 16:16:06 98816 ----a-w- c:\windows\sed.exe
2010-06-22 07:08:17 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-20 17:51:46 0 d---a-w- C:\moje
2010-06-19 18:36:51 0 d-----w- C:\DriveKey
2010-06-19 15:06:23 0 d-----w- c:\docume~1\alluse~1\dataap~1\Nero
2010-06-11 18:45:25 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-11 14:10:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 13:41:30 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-06-02 13:41:30 21504 ----a-w- c:\windows\system32\hidserv.dll
==================== Find3M ====================
2010-06-27 17:44:33 85828 ----a-w- c:\windows\system32\perfc005.dat
2010-06-27 17:44:33 443776 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 07:08:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-06 10:35:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09:42 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 15:43:32 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-04-24 15:43:32 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-04-20 05:32:05 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 13:56:03 528 ----a-r- C:\MediaID.bin
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 23:06:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-29 23:02:56 295264 ----a-w- c:\windows\system32\PresentationHost.exe
============= FINISH: 20:14:49,32 ===============
Re: Eset blocks some addresses
Thank you and have a nice day